<?
/*

    This file is part of Blue Violin.

    Blue Violin is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Blue Violin is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero Public License for more details.

    You should have received a copy of the GNU Affero Public License
    along with Blue Violin.  If not, see <http://www.gnu.org/licenses/>.

    Blue Violin  Copyright (C) 2008  Blue Violin, Inc. & Josh Watts <josh.watts@blueviolin.org>
	For more information, visit http://www.blueviolin.org/

    This program comes with ABSOLUTELY NO WARRANTY.

*/

require_once("Database.php");
require_once("Utility.php");
require_once("Security.php");

class BVScripts
{
	var $m_oDatabase;

	function BVScripts()
	{
		$this->m_oDatabase = new Database();
	}

	function Destruct()
	{
		$this->m_oDatabase->Destruct();
	}


	function GetNewLogin()
	{
		$oSecurity = new Security();
		$oSecurity->CreateLogin();
		//$oSecurity->Destruct();
	}


	function CheckLogin()
	{
		$sRet = "";
		if (isset($_COOKIE["BLUEVIOLIN_ID"]))
		{
			$sSQL = "select username " .
				"from Logins " .
				"where GUID = '" . $this->m_oDatabase->EscapeString($_COOKIE["BLUEVIOLIN_ID"]) . "'";
			$nRows = $this->m_oDatabase->ExecuteSQL($sSQL);
			if (0 < $nRows)
			{
				$aRow = $this->m_oDatabase->NextRow();
				$sRet = $aRow["username"];
				if ("" == $sRet)
				{
					$sRet = "%!$@#";
				}
			}
			else
			{
				$sRet = "";
			}
		}
		return $sRet;
	}



	function GetLoginID()
	{
// one day we'll return to using session IDs
//
// 		$sSQL = "select login_id " .
// 			"from Sessions " .
// 			"where session_id = '" . $_SESSION["SESSION_ID"] . "'";
// 		$this->m_oDatabase->ExecuteSQL($sSQL);
// 		$aRow = $this->m_oDatabase->NextRow();
// 		$nLoginID = $aRow["login_id"];

		$sSQL = "select login_id " .
			"from Logins " .
			"where GUID = '" . $this->m_oDatabase->EscapeString($_COOKIE["BLUEVIOLIN_ID"]) . "'";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		$nLoginID = $aRow["login_id"];
		return $nLoginID;
	}

	function CreateLogin($sEmail, $sPassword)
	{
		$oSecurity = new Security();
		$sXML = "";
		if (false == $oSecurity->CheckCookie())
		{
			$sXML = "<createlogin>false</createlogin>";
		}
		else
		{
			// check to see if the email address is already registered in the system
			$sSQL = "select count(*) as count " .
				"from Logins " .
				"where username = '" . $this->m_oDatabase->EscapeString($sEmail) . "'";
			$this->m_oDatabase->ExecuteSQL($sSQL);
			$aRow = $this->m_oDatabase->NextRow();
			if (0 == $aRow["count"])
			{
				$sSQL = "update Logins " .
					"set username = '" . $this->m_oDatabase->EscapeString($sEmail) . "', " .
					"email = '" . $this->m_oDatabase->EscapeString($sEmail) . "', " .
					"password = md5('" . $this->m_oDatabase->EscapeString($sPassword) . "') " .
					"where GUID = '" . $this->m_oDatabase->EscapeString($_COOKIE["BLUEVIOLIN_ID"]) . "'";
				$this->m_oDatabase->ExecuteSQL($sSQL);
				$sXML = "<createlogin>true</createlogin>";
			}
			else
			{
				$sXML = "<createlogin>duplicateemail</createlogin>";
			}
		}
		return $sXML;
		$oSecurity->Destruct();
// 		return "foobaroo";

		
	}
	

	function Login($sEmail, $sPassword)
	{
		$oSecurity = new Security();
		$sXML = "";
		$aUserInformation = $oSecurity->AuthenticateLogin($sEmail, $sPassword);
		if (false == $aUserInformation)
		{
			$sXML = "<login>false</login>";
		}
		else
		{
			$sXML = "<login>" .
				$aUserInformation["GUID"] . 
				"</login>";
		}
		return $sXML;
		$oSecurity->Destruct();
	}
	


	function Save($sScript)
	{
		$nLoginID = $this->GetLoginID();
	}



	function GetScripts()
	{
		$nLoginID = $this->GetLoginID();
		$sSQL = "select name, script_guid, timestamp " .
			"from Scripts " .
			"where login_id = " . $nLoginID . " " .
			"order by name";
		$aRows = $this->m_oDatabase->ExecuteSQLGetResults($sSQL);
		return $aRows;
	}


	function GetList()
	{
		$sJson = "";
		$nLoginID = $this->GetLoginID();
		$sSQL = "select name, script_guid, timestamp " .
			"from Scripts " .
			"where login_id = " . $nLoginID . " " .
			"order by name";
		$nRows = $this->m_oDatabase->ExecuteSQL($sSQL);
		for ($i = 0;
			 $i < $nRows;
			 $i++)
		{
			$aRow = $this->m_oDatabase->NextRow();
			if (0 != $i)
			{
				$sJson .= ",";
			}
			$sJson .= "{\"name\":\"" . $aRow["name"] . "\", " .
				"\"guid=\":\"" . $aRow["script_guid"] . "\", " .
				"\"timestamp\":\"" . $aRow["timestamp"] . "\"}";

		}
		return("{\"files\":[" . $sJson . "]}");
	}

	function LoadScript($sName)
	{
		$nLoginID = $this->GetLoginID();
		$sXML = "";
		$sSQL = "select * " .
			"from Scripts " .
			"where login_id = " . $nLoginID . " " .
			"and name = '" . $sName . "'";
		$nRows = $this->m_oDatabase->ExecuteSQL($sSQL);
		if (false != $nRows)
		{
			$aRow = $this->m_oDatabase->NextRow();
			if (get_magic_quotes_gpc())
			{
				$sScript = stripslashes($aRow["script"]);
			}
			else
			{
				$sScript = $aRow["script"];
			}
			$sXML = "<script name=\"" . $aRow["name"] . "\" ".
				"guid=\"" . $aRow["script_guid"] . "\" " .
				"timestamp=\"" . $aRow["timestamp"] . "\">" .
				"<![CDATA[" .
				$sScript .
				"]]>" .
				"</script>";
		}
		else
		{
			$sXML = "<problem>" .
				$this->m_oDatabase->Error() . 
				"</problem>";
		}
		return $sXML;
	}

	function SaveScript($sName, $sScript)
	{
		$nLoginID = $this->GetLoginID();
		$sSQL = "select count(*) as count " .
			"from Scripts " .
			"where login_id = " . $nLoginID . " " .
			"and name = '" . $this->m_oDatabase->EscapeString($sName) . "'";
		$nRows = $this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		if (0 == $aRow["count"])
		{
			$sSQL = "insert into Scripts (login_id, name, script, timestamp) values " .
				"(" .
				$nLoginID . ",'" .
				$this->m_oDatabase->EscapeString($sName) . "', '" .
				$this->m_oDatabase->EscapeString($sScript) . "', now())";
			$this->m_oDatabase->ExecuteSQL($sSQL);
		}
		else
		{
			$sSQL = "update Scripts set " .
				"script = '" . $this->m_oDatabase->EscapeString($sScript) . "', " .
				"timestamp = now() " .
				"where " .
				"    login_id = " . $nLoginID . " " .
				"and name = '" . $this->m_oDatabase->EscapeString($sName) . "'";
			$this->m_oDatabase->ExecuteSQL($sSQL);
		}
		return;
	}
}

?>